Skip to content

{ Category Archives } Paper

Scanning JBoss AS for open Invokers

Apparently, the guys at Acunetix were tired of examining their JBoss Application Servers manually for vulnerabilities. In their Web Vulnerability Scanner from Version 6.5 build 20091215 on, they integrated various checks for the stuff from our JBoss paper.
To give you a little reminder: Always check for

http://www.example.com/jmx-console
http://www.example.com/web-console
http://www.example.com/web-console/Invoker
http://www.example.com/invoker/JMXInvokerServlet

and any open JBoss Remoting / RMI ports. See the [...]

Tagged , , , ,
2010 02 03 phof Hacking Comments (1)

JBoss Paper: English version released

We finally came around to translate and release the 27+ pages of our JBoss paper (see also this post). That was quite some work, the first versions of my translations always read like a one-to-one translation from German. Then I read it again and correct those horribly sounding sentences to what I hope is [...]

Tagged , ,
2009 12 01 phof Hacking Comments (1)